github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v6.1.3.0 

Change log: https://roxy-wi.org/changelog.py#6_1_3
pull/334/head
Pavel Loginov 2022-08-02 16:38:37 +03:00
parent 7a336ac9d7
commit 3a3994db48
3 changed files with 13 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/scripts/ansible/roles/nginx_common/templates/nginx.conf.j2
View File

@ -4,7 +4,10 @@ worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
{% if ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS' %}
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
{% endif %}
events {
worker_connections 1021;
}

19
app/scripts/ansible/roles/waf/tasks/main.yml
View File

@ -78,6 +78,7 @@
- libtool
- make
- gcc-c++
- git
state: latest
when:
- ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
@ -101,6 +102,7 @@
- automake
- g++
- make
- git
state: present
when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
environment:
@ -129,7 +131,7 @@
- name: Set ModSec src foleder
set_fact:
mod_sec_src: /tmp/modsecurity-{{ modsec_ver }}
mod_sec_src: /tmp/modsecurity/modsecurity-{{ modsec_ver }}
- name: Re configure Modsecurity
become: true
@ -160,11 +162,6 @@
- standalone/
- apache2/
- name: Install git
package:
name: git
state: present
- name: Git clone spoa-modsecurity
command: chdir=/tmp/ git clone https://github.com/haproxy/spoa-modsecurity.git
@ -265,12 +262,10 @@
- name: Copy owasp files
copy:
src: "/tmp/owasp-modsecurity-crs-2.2.9/{{ item }}"
dest: /tmp/owasp-modsecurity-crs-2.2.9
src: "/tmp/owasp-modsecurity-crs-2.2.9/owasp-modsecurity-crs-2.2.9/{{ item }}"
dest: "{{ HAPROXY_PATH }}/waf/rules"
remote_src: yes
with_items:
- owasp-modsecurity-crs-2.2.9/
- activated_rules/
- base_rules/
- experimental_rules/
- optional_rules/
@ -278,7 +273,7 @@
- name: Copy Modsec crs conf file
copy:
src: /tmp/owasp-modsecurity-crs-2.2.9/modsecurity_crs_10_setup.conf.example
src: /tmp/owasp-modsecurity-crs-2.2.9/owasp-modsecurity-crs-2.2.9/modsecurity_crs_10_setup.conf.example
dest: "{{ HAPROXY_PATH }}/waf/rules/modsecurity_crs_10_setup.conf"
remote_src: true
@ -346,7 +341,7 @@
state: absent
with_items:
- /tmp/modsecurity.tar.gz
- "/tmp/modsecurity-{{ modsec_ver }}"
- "{{ mod_sec_dir }}"
- "/tmp/haproxy-{{ VERSION }}"
- /tmp/owasp.tar.gz
- /tmp/owasp-modsecurity-crs-2.2.9

10
app/scripts/ansible/roles/waf_nginx/tasks/main.yml
View File

@ -5,8 +5,6 @@
set_fact:
ansible_port: "{{SSH_PORT}}"
# - debug: msg="{{ ansible_facts }}"
- name: Check that WAF has been installed
stat:
path: "{{ NGINX_PATH }}/waf/modsecurity.conf"
@ -53,6 +51,7 @@
- libevent-dev
- libpcre3-dev
- libxml2-dev
- libssl-dev
- gcc
- libpcre3-dev
- libcurl4-nss-dev
@ -62,11 +61,8 @@
- autoconf
- g++
- make
- openssl-dev
- libxslt-dev
- gd-dev
- perl-modules
- libmodsecurity3
- libgeoip-dev
- libfuzzy2
state: present
@ -79,8 +75,6 @@
ansible.builtin.get_url:
url: "http://repo.roxy-wi.org/modsec/modsecv3.0.7-{{ ansible_facts.distribution | lower }}{{ ansible_facts.distribution_major_version }}.tar.gz"
dest: /usr/local/modsecv3.tar.gz
when:
- ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
- name: Untar ModSec
unarchive:
@ -221,4 +215,4 @@
- /tmp/nginx-connector
- /tmp/OWASP.tar.gz
- /usr/local/modsecv3.tar.gz
# - "/tmp/coreruleset-{{ coreruleset_ver }}"
- "/tmp/coreruleset-{{ coreruleset_ver }}"